A while back I started on this journey, and as most people did, I’ve had my ups and downs and went through the learning curve. I’ve now reached the point of so much knowledge that I truly know I don’t know shit. People of Lemmy, I come to you today because idk what to do. I recently made a free account with Proton; their subscription is fairly cheap, so idm paying the monthly tier of 15GB so I can have control over ending it whenever I please instead of being locked in for a year. Now, I heard about Tuta but never dived much into it. I know Proton has had its controversies (don’t be shy of reminding me of what they were), but what are my options here truly for a proper FOSS email provider? I can negate the free part for a reasonable price, but truly private AND secure is a must.

Self Hosting isn’t an option yet for personal reasons unless it’s completely free.

  • edel@lemmy.ml
    11 hours ago

    Just a week ago I wrote my impressions of diverse email providers so I put it here with a few corrections:

    Proton gives me some no-good vibe I cannot explain, but it works really well and they really have the human capital to make it work the best. A big criticism is hosting so many services under one roof… especially VPN, drive and email, but it is very convenient for customers. They also have no-refund policies that make that bad sentiment grow… Why not refund the unused portion, even with a penalty? Regarding its founder, Andy, he did make 3 statements that appeared to support Trump, but I think they were misinterpreted; Andy criticized the Democrats’ unrelenting support for the Tech Giants more than he praised the Republican administration. Let’s remember that, at that time, Trump was the only voice that appeared to be going to favor small business over the mega corporations. Of course, that promise of Trump’s, as with all the others he made, was a complete lie. I don’t recall any other statements from Andy beyond that topic of small business vs big tech. After listening to many of Andy’s interviews, he does not seem to me like a typical Conservative, let alone a MAGA supporter.

    Mailbox has been static for a while, but they do offer a good service and now they are attempting to modernize. No full privacy by default, but that could potentially be achieved with some effort; okay for most people. Still a bit German-centric. I would still recommend them easily.

    Posteo would have been my first choice since 5 years ago, but not being able to use your own domain is, sorry to say, inexcusable. They say it is because your own domain brings some privacy up to light; very true! So advise it: “look, we suggest using our domains for better privacy for you, but if you want the freedom to move to another provider in the future at the cost of a bit of privacy, you are welcome to bring your own domain”. I want to believe the decision was genuine, because they think it is better for privacy, and not made to create a lock-in for their customers.

    Tuta… oh Tuta. I like the people, I believe and trust them the most! Yet, they probably still need to grow a bit so they can have the resources to do better (maintaining an email service is very hard nowadays, even more so a privacy-oriented one). Their Android client does not share data with Google for the push notifications (hello Proton?!) and that should be a fundamental requirement. For just email, it is fantastic and for privacy it is the best, period… if you are OK with the lack of support for the IMAP and POP3 protocols, that is. They should do some bridge like Proton does and I would put them on top among all in an instant.

    Other privacy-oriented providers can be okay since they have a low profile and are less targeted by 3rd actors, but at the same time they are also less prone to keep up with security updates. It is sad, but I would not use them on a daily basis. Same with self-hosting, free or non-free, don’t! As mentioned, it is very complicated, not only from a security standpoint but also because many emails will get lost in the void by picky providers like Gmail.

    On the concerns about the change of political colors in Germany, first regarding privacy, you are more at the whims of the people of the provider than of the leader of the time. I don’t really see any country as safe today, not a single one! Now, a right owner is someone like Lavabit’s, who chose to close shop rather than give the SSL keys to the US authorities; that is why trust is so critical. I would rather use a provider based in the US with the right owner than one in Switzerland with one I don’t know much about. Your only protections are the technology and the owner!

    Having said that, unless you are a highly targeted individual, maybe you should not focus only on privacy; besides, sometimes the best defense is to blend in among the not-so-top-notch-privacy providers. In any case, I trust Tuta the most, but recommend Mailbox for most people and Proton to those a bit concerned about normal privacy. I think there is room for a new player here that covers all the shortcomings, but it is not here yet.

    Self Hosting

    • snowydroopz@lemmy.worldOP
      7 hours ago

      Thank you so much. Based on what I understand, your top 2 would be Posteo and Tuta. Putting the “using your own domain” problem aside, how would you compare them side by side if you had to pick one? Multiple people said Tuta is missing important privacy features like PGP and other stuff.

      • edel@lemmy.ml
        7 hours ago

        From Posteo I cannot say much more since using my own domain is critical.

        Tuta is indeed missing PGP, and that is a problem if you are trying to communicate with someone who uses PGP. Now, Tuta’s encryption, although not as universal as PGP, you could say is better implemented since the subject is encrypted (unlike with PGP’s). The shortcoming is that Tuta’s encryption only works seamlessly between Tuta accounts, or the recipient is offered a web link where he/she has to enter a password. In real life, only a handful know how to work with PGP.

        So in the end it depends on who you intend to send emails to… are some of them PGP users? If yes, get Proton; if not, either Proton or Tuta will be OK, so use other criteria to choose between them.

    • tradclasstruggle@lemmygrad.ml
      7 hours ago

      I recently switched to Proton, mostly to get out of Gmail and Hotmail.

      I did this firstly to get out of the yankee services, not because I trust Proton: their claims of private mail are mostly bullshit, and they do clearly behave like a CIA honeypot, so I don’t trust them (as I didn’t trust the other two), so I use the free account (also there are increasingly fewer and fewer free options nowadays) just to get emails that I’m more than okay being known, or where my domain emails don’t work.

      Everything else goes to an assortment of addresses on my webstorage with my domain, running on a national server outside of all the cursed 9/14/etc eyes. Even still I expect them to be fully visible under a court order. But I get no one actively profiting off their info, and get no spam there. So I’m very happy with the change.

      • edel@lemmy.ml
        7 hours ago

        Proton has come out with some, not outright lies, but misleading advertisements. I understand the thin line that privacy companies have to manage between appealing to a larger audience to get economies of scale and not misleading at the same time to achieve that. It is hard for them, since we expect the prices of other non-privacy-oriented providers but with far more complex systems that require far more RAM, more storage, more audits, more special expertise, etc. Proton is a success at privacy, but Tuta I respect more.